From URL: "* AST-2022-001: res_stir_shaken: resource exhaustion with large files When using STIR/SHAKEN, it???s possible to download files that are not certificates. These files could be much larger than what you would expect to download. * AST-2022-002: res_stir_shaken: SSRF vulnerability with Identity header When using STIR/SHAKEN, it???s possible to send arbitrary requests like GET to interfaces such as localhost using the Identity header. * AST-2022-003: func_odbc: Possible SQL Injection Some databases can use backslashes to escape certain characters, such as backticks. If input is provided to func_odbc which includes backslashes it is possible for func_odbc to construct a broken SQL query and the SQL query to fail."
CVE-2022-26498 (https://downloads.asterisk.org/pub/security/AST-2022-001.html): An issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it is possible to download files that are not certificates. These files could be much larger than what one would expect to download, leading to Resource Exhaustion. This is fixed in 16.25.2, 18.11.2, and 19.3.2. CVE-2022-26499 (https://downloads.asterisk.org/pub/security/AST-2022-002.html): An SSRF issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it's possible to send arbitrary requests (such as GET) to interfaces such as localhost by using the Identity header. This is fixed in 16.25.2, 18.11.2, and 19.3.2. CVE-2022-26651 (https://downloads.asterisk.org/pub/security/AST-2022-003.html): An issue was discovered in Asterisk through 19.x and Certified Asterisk through 16.8-cert13. The func_odbc module provides possibly inadequate escaping functionality for backslash characters in SQL queries, resulting in user-provided data creating a broken SQL query or possibly a SQL injection. This is fixed in 16.25.2, 18.11.2, and 19.3.2, and 16.8-cert14.
From the release announcements for 16.26.0, 18.12.0, 19.4.0: "Security bugs fixed in this release: ----------------------------------- * ASTERISK-29476 - res_stir_shaken: Blind SSRF vulnerabilities (Reported by Clint Ruoho) * ASTERISK-29838 - ${SQL_ESC()} not correctly escaping a terminating \ (Reported by Leandro Dardini) * ASTERISK-29872 - res_stir_shaken: Resource exhaustion with large files (Reported by Benjamin Keith Ford)"
CVE-2022-31031 (https://github.com/pjsip/pjproject/commit/450baca94f475345542c6953832650c390889202): https://github.com/pjsip/pjproject/security/advisories/GHSA-26j7-ww69-c4qj PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions prior to and including 2.12.1 a stack buffer overflow vulnerability affects PJSIP users that use STUN in their applications, either by: setting a STUN server in their account/media config in PJSUA/PJSUA2 level, or directly using `pjlib-util/stun_simple` API. A patch is available in commit 450baca which should be included in the next release. There are no known workarounds for this issue.
